﻿namespace zyn_hy_login
{
    using System;
    using System.Collections.Specialized;
    using System.Web.UI;

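    /// <summary>
    /// Screens the form fields, query string and Referer header of a request
    /// for a fixed list of SQL-looking substrings, and reports a rejection to
    /// the browser through a startup script registered on the wrapped page.
    /// </summary>
    /// <remarks>
    /// Security notes for maintainers:
    /// <para>
    /// The substring list is a deny-list. It rejects ordinary text that merely
    /// contains "and" or "mid", and it cannot enumerate every way of writing
    /// SQL, so it must not be the only defence. Queries built from these
    /// values should use parameterized commands; treat this class as an
    /// additional input filter only.
    /// </para>
    /// <para>
    /// Every rejection is reported with client-side script (alert, history
    /// back, window close). The server keeps processing the request unless the
    /// caller checks the boolean result and stops.
    /// </para>
    /// </remarks>
    public class Check_sql : Page
    {
        // Fragments that cause a value to be rejected; matched case-insensitively.
        // The list is kept exactly as the original code had it. ASP.NET has
        // already URL-decoded Form and QueryString values, so "delete%20from"
        // only matches input that still contains a literal "%20".
        private static readonly string[] BlockedFragments = new string[]
        {
            "'", "and", "select", "update", "chr", "delete%20from", ";", "insert", "mid", "master."
        };

        // Script sent when a value is rejected. The line breaks inside the alert
        // text are written as the JavaScript escape \n: the original emitted raw
        // line-feed characters inside the quoted string, which is a syntax error
        // in the browser, so neither the alert nor the history.back() call ran.
        private const string BlockedInputScript =
            "<Script Language=JavaScript>alert('出现错误！在你输入的内容中不要出现："
            + "\\n\\n ;,and,select,update,insert,delete,chr 等非法字符！');location.href='javascript:history.back()';</Script>";

        // Script that asks the browser to close the current window.
        private const string CloseWindowScript =
            "<script language=javascript>window.opener=null;window.close();</script>";

        /// <summary>The page whose request is inspected and on which scripts are registered.</summary>
        protected Page thisPage;

        /// <summary>
        /// Wraps <paramref name="sPage"/> and immediately runs <see cref="urlCheck_sql"/>.
        /// </summary>
        /// <param name="sPage">The page currently handling the request.</param>
        /// <remarks>
        /// The result of the check is discarded here, so constructing this object
        /// only registers the warning script. Callers that need to stop processing
        /// must call <see cref="urlCheck_sql"/> themselves and act on its result.
        /// </remarks>
        public Check_sql(Page sPage)
        {
            this.thisPage = sPage;
            this.urlCheck_sql();
        }

        /// <summary>
        /// Checks every posted form value against the blocked-fragment list.
        /// </summary>
        /// <returns>
        /// <c>true</c> when no value contains a blocked fragment; otherwise
        /// <c>false</c>, after registering the rejection script.
        /// </returns>
        public bool Check_From_Sql()
        {
            if (AnyValueBlocked(this.thisPage.Request.Form))
            {
                this.RejectBlockedInput();
                return false;
            }
            return true;
        }

        /// <summary>
        /// Checks a single string against the blocked-fragment list.
        /// </summary>
        /// <param name="from_text">Text to inspect; <c>null</c> is treated as containing nothing blocked.</param>
        /// <returns>
        /// <c>true</c> when the text contains no blocked fragment; otherwise
        /// <c>false</c>, after registering the rejection script.
        /// </returns>
        /// <remarks>
        /// The comparison is case-insensitive, matching the form and query-string
        /// checks. The original compared case-sensitively here, so "SELECT" was
        /// accepted by this method while being rejected by the other two.
        /// </remarks>
        public bool Check_Text_Sql(string from_text)
        {
            if (ContainsBlockedFragment(from_text))
            {
                this.RejectBlockedInput();
                return false;
            }
            return true;
        }

        /// <summary>
        /// Registers a startup script that shows <paramref name="p_strShowMessage"/>
        /// in a JavaScript alert box.
        /// </summary>
        /// <param name="p_strShowMessage">Message text, treated as plain text rather than JavaScript source.</param>
        public void showMessage(string p_strShowMessage)
        {
            // The message is placed inside a quoted JavaScript string in an HTML
            // script block, so it is escaped for that context. Without this, a
            // quote or a closing script tag in the message would end the string
            // and the remainder would run as script in the user's browser.
            this.thisPage.RegisterStartupScript("01", "<script language=javascript> alert('" + EscapeForJavaScriptString(p_strShowMessage) + "')</script>");
        }

        /// <summary>
        /// Checks that the request carries a Referer header naming this server,
        /// then checks every query-string value against the blocked-fragment list.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the Referer host equals SERVER_NAME and no query-string
        /// value contains a blocked fragment; otherwise <c>false</c>, after
        /// registering the matching warning script.
        /// </returns>
        /// <remarks>
        /// The Referer header is chosen by the client and is omitted by some
        /// browsers and proxies, so this test is a courtesy filter and not an
        /// authentication or anti-forgery control.
        /// </remarks>
        public bool urlCheck_sql()
        {
            string referer = this.thisPage.Request.ServerVariables["HTTP_REFERER"];
            if (referer == null)
            {
                this.showMessage("警告！不允许通过Url提交数据！！页面即将关闭！！");
                this.thisPage.RegisterStartupScript("02", CloseWindowScript);
                return false;
            }

            string serverName = this.thisPage.Request.ServerVariables["SERVER_NAME"];
            if (!IsSameHost(referer, serverName))
            {
                this.showMessage("警告！你正在从外部提交数据！！页面即将关闭！！");
                this.thisPage.RegisterStartupScript("02", CloseWindowScript);
                return false;
            }

            if (AnyValueBlocked(this.thisPage.Request.QueryString))
            {
                this.RejectBlockedInput();
                return false;
            }
            return true;
        }

        // Registers the "blocked input" alert on the wrapped page.
        private void RejectBlockedInput()
        {
            this.thisPage.RegisterStartupScript("03", BlockedInputScript);
        }

        // Returns true when any value of any key in the collection contains a
        // blocked fragment. All values of a key are inspected: the original
        // looked only at the first one, so a repeated parameter name let the
        // later values through unchecked.
        private static bool AnyValueBlocked(NameValueCollection collection)
        {
            if (collection == null)
            {
                return false;
            }
            for (int index = 0; index < collection.Count; index++)
            {
                string[] values = collection.GetValues(index);
                if (values == null)
                {
                    continue;
                }
                foreach (string value in values)
                {
                    if (ContainsBlockedFragment(value))
                    {
                        return true;
                    }
                }
            }
            return false;
        }

        // Returns true when the value contains any blocked fragment. Ordinal,
        // case-insensitive matching is used so the result does not depend on
        // the server's culture settings.
        private static bool ContainsBlockedFragment(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return false;
            }
            foreach (string fragment in BlockedFragments)
            {
                if (value.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return true;
                }
            }
            return false;
        }

        // Returns true when the referer is an absolute http or https URL whose
        // host equals serverName. The original compared
        // referer.Substring(7, serverName.Length) with serverName, which threw
        // on a short referer, rejected https referers, and accepted any host
        // that merely started with the server name.
        private static bool IsSameHost(string referer, string serverName)
        {
            if (string.IsNullOrEmpty(referer) || string.IsNullOrEmpty(serverName))
            {
                return false;
            }
            Uri refererUri;
            if (!Uri.TryCreate(referer, UriKind.Absolute, out refererUri))
            {
                return false;
            }
            if (refererUri.Scheme != Uri.UriSchemeHttp && refererUri.Scheme != Uri.UriSchemeHttps)
            {
                return false;
            }
            return string.Equals(refererUri.Host, serverName, StringComparison.OrdinalIgnoreCase);
        }

        // Escapes text for use inside a quoted JavaScript string that is itself
        // embedded in an HTML script block. The backslash is replaced first so
        // the escapes added afterwards are not doubled.
        private static string EscapeForJavaScriptString(string text)
        {
            if (string.IsNullOrEmpty(text))
            {
                return string.Empty;
            }
            return text
                .Replace("\\", "\\\\")
                .Replace("'", "\\'")
                .Replace("\"", "\\\"")
                .Replace("\r", "\\r")
                .Replace("\n", "\\n")
                .Replace("<", "\\x3c")
                .Replace(">", "\\x3e");
        }
    }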
}

